
17 matches found

NVD
added 2026/03/18 12:16 a.m. · 0 views

CVE-2026-27811

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.3, a command injection vulnerability exists in the /config/compare///show endpoint, allowing authenticated users to execute arbitrary system commands on the app host. The vulnerability...

8.8 CVSS · 0.0112 EPSS
Exploits: 1 · References: 3

CNNVD
added 2026/03/18 12:0 a.m. · 2 views

Roxy-WI Operating System Command Injection Vulnerability

Roxy-WI is an open-source web interface designed for managing Haproxy, Nginx, and Keepalived servers. Versions prior to Roxy-WI 8.2.6.3 contained a vulnerability related to operating system command injection. This vulnerability stemmed from the /config/compare///show endpoint, where command...

8.8 CVSS · 6 AI score · 0.0112 EPSS
Exploits: 1 · References: 3

Cvelist
added 2026/03/17 11:43 p.m. · 27 views

CVE-2026-27811 Roxy-WI has a Command Injection via diff parameter in config comparison allows authenticated RCE

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.3, a command injection vulnerability exists in the /config/compare///show endpoint, allowing authenticated users to execute arbitrary system commands on the app host. The vulnerability...

8.8 CVSS · 0.0112 EPSS
Exploits: 1 · References: 3

CVE
added 2026/03/17 11:43 p.m. · 2 views

CVE-2026-27811

CVE-2026-27811 affects the Roxy-WI web interface. Prior to version 8.2.6.3, a command injection exists in the /config/compare///show endpoint. The root cause is in app/modules/config/config.py on line 362, where user input is directly formatted into a template string that is eventually executed, ...

8.8 CVSS · 6.1 AI score · 0.0112 EPSS
Exploits: 1 · References: 3 · Affected Software: 1

OSV
added 2026/03/17 11:43 p.m. · 1 views

CVE-2026-27811 Roxy-WI has a Command Injection via diff parameter in config comparison allows authenticated RCE

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.3, a command injection vulnerability exists in the /config/compare///show endpoint, allowing authenticated users to execute arbitrary system commands on the app host. The vulnerability...

8.8 CVSS · 6.2 AI score · 0.0112 EPSS
Exploits: 1 · References: 5

Vulnrichment
added 2026/03/17 11:43 p.m. · 1 views

CVE-2026-27811 Roxy-WI has a Command Injection via diff parameter in config comparison allows authenticated RCE

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.3, a command injection vulnerability exists in the /config/compare///show endpoint, allowing authenticated users to execute arbitrary system commands on the app host. The vulnerability...

8.8 CVSS · 6.1 AI score · 0.0112 EPSS
Exploits: 1 · References: 3

Positive Technologies
added 2026/03/17 12:0 a.m. · 1 views

PT-2026-25962

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.3, a command injection vulnerability exists in the /config/compare///show endpoint, allowing authenticated users to execute arbitrary system commands on the app host. The vulnerability...

8.8 CVSS · 6.1 AI score · 0.0112 EPSS
Exploits: 1 · References: 10

RedhatCVE
added 2025/11/14 10:1 p.m. · 2 views

CVE-2025-64753

grist-core is a spreadsheet hosting server. Prior to version 1.7.7, a user with only partial read access to a document could still access endpoints listing hashes for versions of that document and receive a full list of changes between versions, even if those changes contained cells, columns, or...

6.5 CVSS · 6.5 AI score · 0.0003 EPSS
Exploits: 0 · References: 1

NVD
added 2025/11/13 10:15 p.m. · 2 views

CVE-2025-64753

grist-core is a spreadsheet hosting server. Prior to version 1.7.7, a user with only partial read access to a document could still access endpoints listing hashes for versions of that document and receive a full list of changes between versions, even if those changes contained cells, columns, or...

6.5 CVSS · 0.0003 EPSS
Exploits: 0 · References: 2

CVE
added 2025/11/13 9:46 p.m. · 6 views

CVE-2025-64753

CVE-2025-64753 Summary: Grist-core versions prior to 1.7.7 expose the full version history and change details to users with partial read access via the /compare endpoint. Root cause: insufficient access control on document/version comparisons. Impact: disclosure of changes that may include data ...

6.5 CVSS · 6.1 AI score · 0.0003 EPSS
Exploits: 0 · References: 2 · Affected Software: 1

Cvelist
added 2025/11/13 9:46 p.m. · 6 views

CVE-2025-64753 grist-core has insufficient access control in endpoints for comparisons between documents and versions

grist-core is a spreadsheet hosting server. Prior to version 1.7.7, a user with only partial read access to a document could still access endpoints listing hashes for versions of that document and receive a full list of changes between versions, even if those changes contained cells, columns, or...

5.3 CVSS · 0.0003 EPSS
Exploits: 0 · References: 2

EUVD
added 2025/11/13 9:46 p.m. · 3 views

EUVD-2025-177187

grist-core is a spreadsheet hosting server. Prior to version 1.7.7, a user with only partial read access to a document could still access endpoints listing hashes for versions of that document and receive a full list of changes between versions, even if those changes contained cells, columns, or...

5.3 CVSS · 6 AI score · 0.0003 EPSS
Exploits: 0 · References: 2

Vulnrichment
added 2025/11/13 9:46 p.m. · 3 views

CVE-2025-64753 grist-core has insufficient access control in endpoints for comparisons between documents and versions

grist-core is a spreadsheet hosting server. Prior to version 1.7.7, a user with only partial read access to a document could still access endpoints listing hashes for versions of that document and receive a full list of changes between versions, even if those changes contained cells, columns, or...

5.3 CVSS · 6.1 AI score · 0.0003 EPSS
Exploits: 0 · References: 2

OSV
added 2025/11/13 9:46 p.m. · 3 views

CVE-2025-64753 grist-core has insufficient access control in endpoints for comparisons between documents and versions

grist-core is a spreadsheet hosting server. Prior to version 1.7.7, a user with only partial read access to a document could still access endpoints listing hashes for versions of that document and receive a full list of changes between versions, even if those changes contained cells, columns, or...

5.3 CVSS · 6.4 AI score · 0.0003 EPSS
Exploits: 0 · References: 4

Positive Technologies
added 2025/11/13 12:0 a.m. · 5 views

PT-2025-46917

Name of the Vulnerable Software and Affected Versions: grist-core versions prior to 1.7.7 Description: grist-core is a spreadsheet hosting server. A user with limited read access to a document could access endpoints that reveal hashes for different versions of the document and obtain a complete lis...

5.3 CVSS · 6.2 AI score · 0.0003 EPSS
Exploits: 0 · References: 7

CNNVD
added 2024/01/17 12:0 a.m. · 1 views

WordPress Plugin Burst Statistics Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

7.2 CVSS · 7.9 AI score · 0.00174 EPSS
Exploits: 0 · References: 6

Positive Technologies
added 2023/04/15 12:0 a.m. · 1 views

PT-2023-14576 · Rconfig · Rconfig

Name of the Vulnerable Software and Affected Versions: rConfig version 3.9.7 Description: A SQL injection issue exists in rConfig via "lib/ajaxHandlers/ajaxCompareGetCmdDates.php?command=" which may interact with secure-file-priv. Recommendations: For rConfig version 3.9.7, consider disabling...

8.8 CVSS · 8.8 AI score · 0.00227 EPSS
Exploits: 4 · References: 6